General

Target:  excellent.rar
Size:    8.2MB
Sample:  240628-wm3y1sxhkf
MD5:     74390a2247fd11601ddbe918121b2a2a
SHA1:    67986feefd597389e1fc1d8386af318100f446a2
SHA256:  0a31cb7d5b2cdaec7287a6e3a9338f7da9922b85693d5111aa50ec43dde3d3de
SHA512:  05be574b9b39197e7da11949a9e8d8d07eefffcdd91b26127356e53f0952c03d8e5668b9bffc3fefe8b67ea35fdc292c70275981312b7516afd11dd4f87ace9f
SSDEEP:  196608:tDT22I/nk9psflVIhoFaTQRn4gE+trIghtZmUmvBH:tDLI/nYUlVJRBDEgrIgh6Xvd
Tasks

Task          Type        Sample          Resource
static1       Static      -               -
behavioral1   Behavioral  excellent.rar   win7-20240221-en
behavioral2   Behavioral  excellent.rar   win10v2004-20240611-en
behavioral3   Behavioral  excellent.exe   win7-20240508-en
behavioral4   Behavioral  excellent.exe   win10v2004-20240226-en
behavioral5   Behavioral  libGLESv2.dll   win7-20240611-en
behavioral6   Behavioral  libGLESv2.dll   win10v2004-20240508-en
behavioral7   Behavioral  updater.ini     win7-20240611-en
behavioral8   Behavioral  updater.ini     win10v2004-20240611-en
Malware Config

Extracted: redline
6627938439_99
https://t.me/+J_Z1QGHfHko0MGZi*https://steamcommunity.com/id/elcadillac
Targets

Target:  excellent.rar
Size:    8.2MB
MD5:     74390a2247fd11601ddbe918121b2a2a
SHA1:    67986feefd597389e1fc1d8386af318100f446a2
SHA256:  0a31cb7d5b2cdaec7287a6e3a9338f7da9922b85693d5111aa50ec43dde3d3de
SHA512:  05be574b9b39197e7da11949a9e8d8d07eefffcdd91b26127356e53f0952c03d8e5668b9bffc3fefe8b67ea35fdc292c70275981312b7516afd11dd4f87ace9f
SSDEEP:  196608:tDT22I/nk9psflVIhoFaTQRn4gE+trIghtZmUmvBH:tDLI/nYUlVJRBDEgrIgh6Xvd
Score:   7/10
Signatures:
- Executes dropped EXE
- Loads dropped DLL

Target:  excellent.exe
Size:    296KB
MD5:     efad4f96f696391769ef9944978dbb3b
SHA1:    42ad30f7af140544eaeb8cc32d8fe5568aca8944
SHA256:  26e9f0c78dde027c60eeacca5852a8f08853c440048ae45cbb054fd12e0cddd2
SHA512:  427b793cd433be1251d8348a5d788ff4c927c5c78c6d2ad15a5de4de64f57e1c0182534d180de388734e28a4563f1b92fc30f1365356bd2fe6546beaf6da9da4
SSDEEP:  6144:KL4miZW6NAIn7RMWhrWzMCx5T2exIT4tifYfcDVn0Q0+A9b/pcvEV:KEI5I7XCMCx5T2exIT4tifYfcDVn0Q0n
Score:   10/10
Signatures:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext

Target:  libGLESv2.dll
Size:    6.8MB
MD5:     90ad3c47740fce98015444d1289af9b9
SHA1:    0135a04b2b590e1647e3a2b123596d62d57fece0
SHA256:  2082c51a86bc8b7cd5e69cf5d43914efe5d939c90503539d657fde7915a95ae1
SHA512:  40bdd65a9fa761bd3835ea9fb8c4c4d90531253d9dc7183d59c2051a627afc8b267d8de7e7478396e9fb779796f2b7e9b012564446671b4ed06427de5e93689e
SSDEEP:  98304:WYasIDptJ/QOjZfU5Q9S6Vaem7EdGSfhgbMKl4F:WJJd59Hk392thgbMim
Score:   1/10
Signatures: none

Target:  updater.ini
Size:    3.6MB
MD5:     971543b2412541a890ec173524db2ccf
SHA1:    0e49b25e0dc320a85d3c11908a444779695501f5
SHA256:  2096cacb59cb1bcf9605e4d6897e02007e06f2cf1ace4cda961c0ae2b57fc8aa
SHA512:  bf1c9677f32c24a64d058f6d42f4d65c5d52c94777513b3f7793e62fb974209891881d0d437aeba20a75d4aac1096e1205baa631d98e038ade5f42500e752bed
SSDEEP:  49152:dD6v+il2pVC/GDm70+mdGJ4B6YtYAgbMKl4wRd0:9S6Vaem7EdGSfhgbMKl4F
Score:   1/10
Signatures: none